Pki part 1
- 2. “An enterprise-wide service (i.e. data integrity, user identification and authentication, user non-repudiation, data confidentiality, encryption, and digital signature) that supports digital signatures and other public key-based security mechanisms for Department of Defense functional enterprise programs, including generation, production, distribution, control, and accounting of public key certificates. A public key infrastructure provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks. Public keys are bound to their owners by public key certificates. These certificates contain information such as the owner's name and the associated public key and are issued by a reliable certification authority. Also called PKI.” (Dictionary of Military and Associated Terms, 2005)”
- 3. Creating, Distributing, and Storing Digital Certificates Pair of Public and Private (Secret) Key Managed by a Certificate Authority Public Key= visible to all Private key= secret (only certain users have access) Private key encrypts and decrypts messages
- 4. Certificate Authority (CA) Responsible for issuing and verifying certificates Registration Authority (RA) Identify and Verify the user before CA Central Directory Secure location to store and index keys from CA Certificate Management Authority Determines roles and responsibilities in management and distribution of certificates.
Editor's Notes
- #4: A Public-key infrastructure system revolves around creating, distributing, and storing digital certificates. These digital certificates verify that a person is who they say they are through digital signatures that identify the identity of a user. Public-key infrastructure consists of a pair of a public and a private cryptographic key that bind users on an insecure network. These keys are created, controlled, stored, and distributed through a trusted authority, also known as a Certificate Authority. While the public key may be visible to all users in a network, private keys are hidden and may only be visible to certain users who have obtained access. The key is responsible for encrypting and decrypting messages, so it is intended to be secret with only certain users given access to the private key in order to decrypt messages. Therefore, businesses and government agencies often go to extreme lengths to keep keys secret, because if it is intercepted, messages can be decrypted by unintended users.
- #5: Public key infrastructure systems consist of a Certificate Authority (CA), a Registration Authority (RA), a Central Directory, and a Certificate Management System (Vacca, 2004). The Certificate Authority is responsible for issuing and verifying digital certificates. The Registration Authority acts as a third party intermediary between the user and the Certificate Authority; the RA is responsible for maintaining lists of codes that identify and verify the user for access to the CA. The RA and CA may or may not be separate, depending on the framework. The Central Directory represents a location that is secure and responsible for the storing and indexing of keys by the Certificate Authority. The Certificate Management System (CMS) determines the roles and responsibilities in the managing and distribution of certificates.